Количество 3
Количество 3
CVE-2015-9235
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
CVE-2015-9235
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
GHSA-c7hr-j4mj-j2w6
Verification Bypass in jsonwebtoken
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2015-9235 In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). | CVSS3: 7.3 | 32% Средний | почти 8 лет назад |
 | CVE-2015-9235 In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). | CVSS3: 9.8 | 32% Средний | больше 7 лет назад |
| GHSA-c7hr-j4mj-j2w6 Verification Bypass in jsonwebtoken | 32% Средний | больше 7 лет назад |
Уязвимостей на страницу